I don't think she is ignoring the value of testing -- rather, her job is to come up with languages that are more intuitive, so that bugs are less likely to be generated in the first place, so that less testing is required. The reason she didn't mention testing is because testing isn't her area of expertise -- you might as well criticize a car-engine designer for not talking about air bags.
Who's to blame for this then? not you. You've already ensured you hadn't linked to it.
Absolutely you, because you assumed that not linking to a document would make it private. Bad assumption. Even without Opera's "feature", someone could stumble upon the proper URL by blind luck, or as part of a dictionary attack, or by sniffing HTTP header traffic.
If you want to keep something private, don't put it on a public web site. Period.
"Why do we rely on the user to understand this rule?" Probably because these are the same people who we trust driving automobiles, running banks, and owning guns.
What purpose does it serve to give people an easy way to shoot themselves in the foot? Do you run your Linux boxes as root all the time? If not, why not? Surely you trust yourself not to do anything dumb, right?
How difficult is "don't open attachments from ANYONE you don't know and only those you do know after you've properly confirmed it's really from them" to understand?
Apparently too difficult for many users, as the rapid spread of MyDoom has made apparent.
The problem is that practicing safe computing takes a little extra effort and it inconveniences their lives
Why should it it take extra effort? There isn't any reason that safe computing can't be the default mode of software operation -- it's just that current software products weren't coded with safety in mind.
If the software made it difficult to open attachments then you can bet that the first thing most users would do is either 1) disable the feature that makes it difficult or 2) switch to other software where it wasn't difficult.
Users who are computer-literate enough to know how to do either of those things are not the users causing the problem. Any user who doesn't know to not click on attachments, probably doesn't know how to do (1) or (2) either -- conversely, anybody who does know how to do (1) or (2) probably knows how to handle email safely as well.
The virus spreads when Internet users ignore a basic rule of Internet life: never click on an unknown e-mail attachment. Once someone does, MyDoom begins to send itself to the names in that person's e-mail address book.
Ah, a "basic rule of the Internet"... never open unknown email attachments. So why do we rely on the user to understand this rule? Why don't the common beginning-level email programs (read: Outlook) make it very difficult (impossible?) for beginners to open potentially-dangerous attachments from email addresses that aren't in the address book? Seems like there is too much blaming the victim going on here, and not enough protecting them.
Note that combining Bayesian with a white-list makes it more effective. (the assumption being that anything your friends send you won't be spam, so you can skip the Bayesian analysis and just give their emails an automatic non-spam rating). Combine that with a mechanism that automatically white-lists the sender of any email you marked as non-spam, and you've got a pretty effective system. (for extra credit, the mechanism can remove from the white-list the sender of any email you marked as spam -- that way you can easily fix mistakes)
Ever \/\/0|\|D3R why you're getting so much spam with obfuscated words?
Nope, because my Bayesian filter works just as well for 0bfu5c4t3d words as it does for properly spelled ones. They are all just sequences of letters, and anything that is deliberately misspelled is going to become identified as spammy very quickly.
Or why you're getting so much spam where the text content is contained primarily in images rather than plaintext?
Nope, because I have images turned off by default in my mail viewer. If a stranger wants me to read his email, he'll need to send it as plain text, because (as you point out) HTML email with images is used as a spam vector and little else.
BTW, this article explains why there will never be a filtering-based solution to solving spam until SMTP itself is made more secure.
Funny, my Bayesian filter is working fine at this very moment. Who should I believe, your article or my own eyes?
Not if you compress the data before sending it, and even if it was, who cares? It's not like IM chat streams are going to take a significant amount of bandwidth, no matter what format the use.
B) Harder to parse & hence less efficient that a binary format
How is downloading and calling the parse() method of any of several dozen free XML parsers "harder" than having to write and debug your own custom portable parser for a binary format? As for less efficient, probably -- but for modern processors and IM-style applications, the advantages of being easily cross-platform compatible and transparently extensible outweigh the extra CPU usage, which nobody will ever notice anyway.
C) Much easier to casually snoop on
If you think relying on obfuscated data formats is the best way to prevent snooping, you are in for some unpleasant surprises. If you are worried about snooping, you should tunnel your data over SSL, not pretend that having a hard-to-use data format is going to stop anybody from snooping.
Face it , XML is flavour of the month and trendy , it has zero advantages over formats
Face it, you are trying to criticize something based on the wrong criteria. XML was developed to solve a certain set of problems, and it solves those problems well. If you don't like it, then by all means don't use it, but don't think that means it's not useful to other people.
Qt relies on moc or something like that to preprocess C++ source files for signals & slots??
This is true, but it's not a problem in practice. Qt's qmake program generates a nice makefile for each platform that handles all the details for you, and you never really notice the moc files are there.
wxWindows isn't as nice in my opinion, but it does have the advantage of running on windows without the need to get, or use, Visual C++.
Qt doesn't require Visual C++ either -- it also supports Borland's free C++ compiler, which my company has been using with good results for 2 years now.
Isnt this kind of like what the BeOS did back in the day with its personal distro? Im thinking R4 and 5.
Kind of, but it's different too. What BeOS did was overwrite the running Windows OS image, so that after you double clicked the "Launch BeOS" icon, you had a machine that was running BeOS but not running Windows anymore. When you launch Co-operative Linux, on the other hand, you end up with a machine where both Linux and Windows are running, concurrently.
(FWIW, the BeOS overwrite-the-host-OS trick only work under Windows 9x, because NT-based flavors of Windows have memory protection that presents that sort of aggressive behaviour;^))
This is great for Linux people who are stuck at companies where everybody is required to run Windows on their PC... they can just boot Windows, double click the "Cooperative Linux" icon, maximize the Linux window, and forget about Microsoft for the rest of the day:^)
given the vastness of time in a cosmological sense, shouldn't NASA be considering 100-year or 1000-year timetables?
That would be ideal, but keep in mind that NASA is funded by Congress, an entity that changes its mind about everything every 2-8 years. Any NASA program that takes too long to complete is very likely to be cancelled halfway through, wasting 100% of the resources that were put into it.
But using IANANE like it's an established acronym just makes you look stupid.
OTOH, if nobody ever used an acronym unless other people were already using it, we'd never have any new acronyms at all. Slashdot culture would suffer terribly.
Novak declined to confirm or deny whether his column was based on these files. "They're welcome to think anything they want," he said. "As has been demonstrated, I don't reveal my sources."
Bob better be careful about the security of the software he runs... as this story demonstrates, it would be quite possible for his sources to be revealed for him.
What you may not realize is that SCO doesn't care whether their arguments make any logical sense. At this point they are just corporate trolls -- they just spew out every half-assed argument they can come up with, in the hopes that somebody unfamiliar with the issues will be taken in and give them money.
The only reason they can do this is because the GPL hasn't had any major legal tests before, and many people aren't familiar with how it works. Fortunately, once SCO's case has been publicly tossed out on its ass by the courts, the troll-for-pay business model will no longer be viable, because there will be a clear precedent.
If a company is dumb enough to take only their advertisers' word for it, instead of asking their users (or ex-users), then they probably deserve to wither up and die. Fortunately, it won't affect us users, since none of us will be going to that site anymore anyway.:^)
... is that anyone can set up an Internet site, whereas very few people have the ability to set up their own TV station. So let these guys make their sites as annoying as they want, it will only encourage alternative sites to spring up. One day, ESPN will wonder where all their viewers have gone, only to find they have migrated to opensports.net or somesuch.
Parent describes a perfectly credible tactic SCO might use: sign nominal but paltry deals with high-profile Linux user(s)
It might be a good strategy for SCO, but it would contradict Google's "don't be evil" policy, and so hopefully Google won't go along with such shennanigans.
What do you do when you need to represent a date before the epoch?
Well, one obvious way to handle it would be to use 64-bit signed integers instead... you'll only get 290,000 or so years into the future with those, but you'll get 290,000 or so years into the past as well... (or alternatively, define "the epoch" to be any date in the far-enough-distance past that you prefer to use)
Bah, you amateurs... the only proper way to represent a date/time is as an unsigned long long, signifying microseconds-since-epoch.
That format will work until the year 584,942AD, with microsecond accuracy.
(To anyone who would complain about this wasting space, I encourage you to check out the current prices for 512MB SIMMs and 80GB Hard drives at your favorite on-line store)
I don't think she is ignoring the value of testing -- rather, her job is to come up with languages that are more intuitive, so that bugs are less likely to be generated in the first place, so that less testing is required. The reason she didn't mention testing is because testing isn't her area of expertise -- you might as well criticize a car-engine designer for not talking about air bags.
I thought getting bought out was SCO's goal?
Absolutely you, because you assumed that not linking to a document would make it private. Bad assumption. Even without Opera's "feature", someone could stumble upon the proper URL by blind luck, or as part of a dictionary attack, or by sniffing HTTP header traffic.
If you want to keep something private, don't put it on a public web site. Period.
Oh yes it IS!
It may be BS and it may not, but it's also human nature ... people are more likely to take your ideas seriously if you haven't just pissed them off.
What purpose does it serve to give people an easy way to shoot themselves in the foot? Do you run your Linux boxes as root all the time? If not, why not? Surely you trust yourself not to do anything dumb, right?
How difficult is "don't open attachments from ANYONE you don't know and only those you do know after you've properly confirmed it's really from them" to understand?
Apparently too difficult for many users, as the rapid spread of MyDoom has made apparent.
The problem is that practicing safe computing takes a little extra effort and it inconveniences their lives
Why should it it take extra effort? There isn't any reason that safe computing can't be the default mode of software operation -- it's just that current software products weren't coded with safety in mind.
If the software made it difficult to open attachments then you can bet that the first thing most users would do is either 1) disable the feature that makes it difficult or 2) switch to other software where it wasn't difficult.
Users who are computer-literate enough to know how to do either of those things are not the users causing the problem. Any user who doesn't know to not click on attachments, probably doesn't know how to do (1) or (2) either -- conversely, anybody who does know how to do (1) or (2) probably knows how to handle email safely as well.
The virus spreads when Internet users ignore a basic rule of Internet life: never click on an unknown e-mail attachment. Once someone does, MyDoom begins to send itself to the
names in that person's e-mail address book.
Ah, a "basic rule of the Internet"... never open unknown email attachments. So why do we rely on the user to understand this rule? Why don't the common beginning-level email programs (read: Outlook) make it very difficult (impossible?) for beginners to open potentially-dangerous attachments from email addresses that aren't in the address book? Seems like there is too much blaming the victim going on here, and not enough protecting them.
Note that combining Bayesian with a white-list makes it more effective. (the assumption being that anything your friends send you won't be spam, so you can skip the Bayesian analysis and just give their emails an automatic non-spam rating). Combine that with a mechanism that automatically white-lists the sender of any email you marked as non-spam, and you've got a pretty effective system. (for extra credit, the mechanism can remove from the white-list the sender of any email you marked as spam -- that way you can easily fix mistakes)
Nope, because my Bayesian filter works just as well for 0bfu5c4t3d words as it does for properly spelled ones. They are all just sequences of letters, and anything that is deliberately misspelled is going to become identified as spammy very quickly.
Or why you're getting so much spam where the text content is contained primarily in images rather than plaintext?
Nope, because I have images turned off by default in my mail viewer. If a stranger wants me to read his email, he'll need to send it as plain text, because (as you point out) HTML email with images is used as a spam vector and little else.
BTW, this article explains why there will never be a filtering-based solution to solving spam until SMTP itself is made more secure.
Funny, my Bayesian filter is working fine at this very moment. Who should I believe, your article or my own eyes?
Jeremy
Not if you compress the data before sending it, and even if it was, who cares? It's not like IM chat streams are going to take a significant amount of bandwidth, no matter what format the use.
B) Harder to parse & hence less efficient that a binary format
How is downloading and calling the parse() method of any of several dozen free XML parsers "harder" than having to write and debug your own custom portable parser for a binary format? As for less efficient, probably -- but for modern processors and IM-style applications, the advantages of being easily cross-platform compatible and transparently extensible outweigh the extra CPU usage, which nobody will ever notice anyway.
C) Much easier to casually snoop on
If you think relying on obfuscated data formats is the best way to prevent snooping, you are in for some unpleasant surprises. If you are worried about snooping, you should tunnel your data over SSL, not pretend that having a hard-to-use data format is going to stop anybody from snooping.
Face it , XML is flavour of the month and trendy , it has zero advantages over formats
Face it, you are trying to criticize something based on the wrong criteria. XML was developed to solve a certain set of problems, and it solves those problems well. If you don't like it, then by all means don't use it, but don't think that means it's not useful to other people.
I'm not really sure... maybe I'll ask some of my co-workers in Vernon and see if they know ;^)
This is true, but it's not a problem in practice. Qt's qmake program generates a nice makefile for each platform that handles all the details for you, and you never really notice the moc files are there.
Qt doesn't require Visual C++ either -- it also supports Borland's free C++ compiler, which my company has been using with good results for 2 years now.
If the virus is traced back to SCO, they won't look like a victim... they'll look like a bunch of lying, scheming scumbags. Hm, wait...
Kind of, but it's different too. What BeOS did was overwrite the running Windows OS image, so that after you double clicked the "Launch BeOS" icon, you had a machine that was running BeOS but not running Windows anymore. When you launch Co-operative Linux, on the other hand, you end up with a machine where both Linux and Windows are running, concurrently.
(FWIW, the BeOS overwrite-the-host-OS trick only work under Windows 9x, because NT-based flavors of Windows have memory protection that presents that sort of aggressive behaviour
This is great for Linux people who are stuck at companies where everybody is required to run Windows on their PC... they can just boot Windows, double click the "Cooperative Linux" icon, maximize the Linux window, and forget about Microsoft for the rest of the day :^)
That would be ideal, but keep in mind that NASA is funded by Congress, an entity that changes its mind about everything every 2-8 years. Any NASA program that takes too long to complete is very likely to be cancelled halfway through, wasting 100% of the resources that were put into it.
OTOH, if nobody ever used an acronym unless other people were already using it, we'd never have any new acronyms at all. Slashdot culture would suffer terribly.
Bob better be careful about the security of the software he runs... as this story demonstrates, it would be quite possible for his sources to be revealed for him.
The only reason they can do this is because the GPL hasn't had any major legal tests before, and many people aren't familiar with how it works. Fortunately, once SCO's case has been publicly tossed out on its ass by the courts, the troll-for-pay business model will no longer be viable, because there will be a clear precedent.
If a company is dumb enough to take only their advertisers' word for it, instead of asking their users (or ex-users), then they probably deserve to wither up and die. Fortunately, it won't affect us users, since none of us will be going to that site anymore anyway. :^)
... is that anyone can set up an Internet site, whereas very few people have the ability to set up their own TV station. So let these guys make their sites as annoying as they want, it will only encourage alternative sites to spring up. One day, ESPN will wonder where all their viewers have gone, only to find they have migrated to opensports.net or somesuch.
It might be a good strategy for SCO, but it would contradict Google's "don't be evil" policy, and so hopefully Google won't go along with such shennanigans.
Well, one obvious way to handle it would be to use 64-bit signed integers instead... you'll only get 290,000 or so years into the future with those, but you'll get 290,000 or so years into the past as well... (or alternatively, define "the epoch" to be any date in the far-enough-distance past that you prefer to use)
That format will work until the year 584,942AD, with microsecond accuracy.
(To anyone who would complain about this wasting space, I encourage you to check out the current prices for 512MB SIMMs and 80GB Hard drives at your favorite on-line store)